diff --git a/.changelog/4066.txt b/.changelog/4066.txt
new file mode 100644
index 00000000000..85fdfc57cd1
--- /dev/null
+++ b/.changelog/4066.txt
@@ -0,0 +1,36 @@
+```release-note:new-resource
+`google_api_gateway_api`
+```
+```release-note:new-resource
+`google_api_gateway_api_config`
+```
+```release-note:new-resource
+`google_api_gateway_gateway`
+```
+```release-note:new-resource
+`google_api_gateway_api_iam_binding`
+```
+```release-note:new-resource
+`google_api_gateway_api_iam_member`
+```
+```release-note:new-resource
+`google_api_gateway_api_iam_policy`
+```
+```release-note:new-resource
+`google_api_gateway_api_config_iam_binding`
+```
+```release-note:new-resource
+`google_api_gateway_api_config_iam_member`
+```
+```release-note:new-resource
+`google_api_gateway_api_config_iam_policy`
+```
+```release-note:new-resource
+`google_api_gateway_gateway_iam_binding`
+```
+```release-note:new-resource
+`google_api_gateway_gateway_iam_member`
+```
+```release-note:new-resource
+`google_api_gateway_gateway_iam_policy`
+```
diff --git a/google/resource_api_gateway_api_config_test.go b/google/resource_api_gateway_api_config_test.go
new file mode 100644
index 00000000000..71664db3c87
--- /dev/null
+++ b/google/resource_api_gateway_api_config_test.go
@@ -0,0 +1 @@
+package google
diff --git a/google/resource_api_gateway_api_test.go b/google/resource_api_gateway_api_test.go
new file mode 100644
index 00000000000..71664db3c87
--- /dev/null
+++ b/google/resource_api_gateway_api_test.go
@@ -0,0 +1 @@
+package google
diff --git a/google/resource_api_gateway_gateway_test.go b/google/resource_api_gateway_gateway_test.go
new file mode 100644
index 00000000000..71664db3c87
--- /dev/null
+++ b/google/resource_api_gateway_gateway_test.go
@@ -0,0 +1 @@
+package google
diff --git a/google/test-fixtures/apigateway/openapi.yaml b/google/test-fixtures/apigateway/openapi.yaml
new file mode 100644
index 00000000000..2dd9d843f83
--- /dev/null
+++ b/google/test-fixtures/apigateway/openapi.yaml
@@ -0,0 +1,21 @@
+swagger: '2.0'
+info:
+ title: dev
+ description: Sample API on API Gateway with a Cloud Run backend
+ version: 1.0.0
+schemes:
+ - https
+produces:
+ - application/json
+paths:
+ /hello:
+ get:
+ summary: Greet a user
+ operationId: hello
+ x-google-backend:
+ address: https://google.com
+ responses:
+ '200':
+ description: A successful response
+ schema:
+ type: string
\ No newline at end of file
diff --git a/website/docs/r/api_gateway_api.html.markdown b/website/docs/r/api_gateway_api.html.markdown
new file mode 100644
index 00000000000..bc43e74b2f1
--- /dev/null
+++ b/website/docs/r/api_gateway_api.html.markdown
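Review bot: The fixture declares no `securityDefinitions` or `security` for `/hello`, and the docs added in this same commit load it through `filebase64("test-fixtures/apigateway/openapi.yaml")`, so a gateway built from a copied example would presumably accept unauthenticated callers. Since the spec doubles as the documented sample, I would put a first-line comment in it, `# Test fixture: no securityDefinitions, so /hello requires no credentials; add them before reusing this spec.` The `description` also says the backend is Cloud Run while `x-google-backend.address` is `https://google.com`; a comment marking that address as a placeholder would avoid confusion. The file also ends without a trailing newline.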
@@ -0,0 +1,134 @@ +--- +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in +# .github/CONTRIBUTING.md. +# +# ---------------------------------------------------------------------------- +subcategory: "API Gateway" +layout: "google" +page_title: "Google: google_api_gateway_api" +sidebar_current: "docs-google-api-gateway-api" +description: |- + A consumable API that can be used by multiple Gateways. +--- + +# google\_api\_gateway\_api + +A consumable API that can be used by multiple Gateways. + +~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider. +See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources. + +To get more information about Api, see: + +* [API documentation](https://cloud.google.com/api-gateway/docs/reference/rest/v1beta/projects.locations.apis) +* How-to Guides + * [Official Documentation](https://cloud.google.com/api-gateway/docs/quickstart) + +
+ + Open in Cloud Shell + +
+## Example Usage - Apigateway Api Basic + + +```hcl +resource "google_api_gateway_api" "api" { + provider = google-beta + api_id = "api" +} +``` +
+ + Open in Cloud Shell + +
+## Example Usage - Apigateway Api Full + + +```hcl +resource "google_api_gateway_api" "api" { + provider = google-beta + api_id = "api" + display_name = "MM Dev API" + labels = { + environment = "dev" + } +} +``` + +## Argument Reference + +The following arguments are supported: + + +* `api_id` - + (Required) + Identifier to assign to the API. Must be unique within scope of the parent resource(project) + + +- - - + + +* `display_name` - + (Optional) + A user-visible name for the API. + +* `managed_service` - + (Optional) + Immutable. The name of a Google Managed Service ( https://cloud.google.com/service-infrastructure/docs/glossary#managed). + If not specified, a new Service will automatically be created in the same project as this API. + +* `labels` - + (Optional) + Resource labels to represent user-provided metadata. + +* `project` - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + + +## Attributes Reference + +In addition to the arguments listed above, the following computed attributes are exported: + +* `id` - an identifier for the resource with format `projects/{{project}}/locations/global/apis/{{api_id}}` + +* `name` - + The resource name of the API. Format `projects/{{project}}/locations/global/apis/{{apiId}}` + +* `create_time` - + Creation timestamp in RFC3339 text format. + + +## Timeouts + +This resource provides the following +[Timeouts](/docs/configuration/resources.html#timeouts) configuration options: + +- `create` - Default is 6 minutes. +- `update` - Default is 6 minutes. +- `delete` - Default is 6 minutes. 
+ +## Import + + +Api can be imported using any of these accepted formats: + +``` +$ terraform import google_api_gateway_api.default projects/{{project}}/locations/global/apis/{{name}} +$ terraform import google_api_gateway_api.default {{project}}/{{name}} +$ terraform import google_api_gateway_api.default {{name}} +``` + +## User Project Overrides + +This resource supports [User Project Overrides](https://www.terraform.io/docs/providers/google/guides/provider_reference.html#user_project_override). diff --git a/website/docs/r/api_gateway_api_config.html.markdown b/website/docs/r/api_gateway_api_config.html.markdown new file mode 100644 index 00000000000..82efa67a95a --- /dev/null +++ b/website/docs/r/api_gateway_api_config.html.markdown 
@@ -0,0 +1,203 @@ +--- +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in +# .github/CONTRIBUTING.md. +# +# ---------------------------------------------------------------------------- +subcategory: "API Gateway" +layout: "google" +page_title: "Google: google_api_gateway_api_config" +sidebar_current: "docs-google-api-gateway-api-config" +description: |- + An API Configuration is an association of an API Controller Config and a Gateway Config +--- + +# google\_api\_gateway\_api\_config + +An API Configuration is an association of an API Controller Config and a Gateway Config + +~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider. +See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources. + +To get more information about ApiConfig, see: + +* [API documentation](https://cloud.google.com/api-gateway/docs/reference/rest/v1beta/projects.locations.apis.configs) +* How-to Guides + * [Official Documentation](https://cloud.google.com/api-gateway/docs/quickstart) + +
+ + Open in Cloud Shell + +
+## Example Usage - Apigateway Api Config Basic + + +```hcl +resource "google_api_gateway_api" "api_cfg" { + provider = google-beta + api_id = "api-cfg" +} + +resource "google_api_gateway_api_config" "api_cfg" { + provider = google-beta + api = google_api_gateway_api.api_cfg.api_id + api_config_id = "api-cfg" + + openapi_documents { + document { + path = "spec.yaml" + contents = filebase64("test-fixtures/apigateway/openapi.yaml") + } + } +} +``` +
+ + Open in Cloud Shell + +
+## Example Usage - Apigateway Api Config Full + + +```hcl +resource "google_api_gateway_api" "api_cfg" { + provider = google-beta + api_id = "api-cfg" +} + +resource "google_api_gateway_api_config" "api_cfg" { + provider = google-beta + api = google_api_gateway_api.api_cfg.api_id + api_config_id = "api-cfg" + display_name = "MM Dev API Config" + labels = { + environment = "dev" + } + + openapi_documents { + document { + path = "spec.yaml" + contents = filebase64("test-fixtures/apigateway/openapi.yaml") + } + } +} +``` + +## Argument Reference + +The following arguments are supported: + + +* `openapi_documents` - + (Required) + An OpenAPI Specification Document describing an API. + Structure is documented below. + +* `api` - + (Required) + The API to attach the config to. + +* `api_config_id` - + (Required) + Identifier to assign to the API Config. Must be unique within scope of the parent resource(api). + + +The `openapi_documents` block supports: + +* `document` - + (Required) + The OpenAPI Specification document file. + Structure is documented below. + + +The `document` block supports: + +* `path` - + (Required) + The file path (full or relative path). This is typically the path of the file when it is uploaded. + +* `contents` - + (Required) + Base64 encoded content of the file. + +- - - + + +* `display_name` - + (Optional) + A user-visible name for the API. + +* `labels` - + (Optional) + Resource labels to represent user-provided metadata. + +* `gateway_config` - + (Optional) + Immutable. Gateway specific configuration. + If not specified, backend authentication will be set to use OIDC authentication using the default compute service account + Structure is documented below. + +* `project` - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + + +The `gateway_config` block supports: + +* `backend_config` - + (Required) + Backend settings that are applied to all backends of the Gateway. 
+ Structure is documented below. + + +The `backend_config` block supports: + +* `google_service_account` - + (Required) + Google Cloud IAM service account used to sign OIDC tokens for backends that have authentication configured + (https://cloud.google.com/service-infrastructure/docs/service-management/reference/rest/v1/services.configs#backend). + +## Attributes Reference + +In addition to the arguments listed above, the following computed attributes are exported: + +* `id` - an identifier for the resource with format `projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config_id}}` + +* `name` - + The resource name of the API Config. + +* `service_config_id` - + The ID of the associated Service Config (https://cloud.google.com/service-infrastructure/docs/glossary#config). + + +## Timeouts + +This resource provides the following +[Timeouts](/docs/configuration/resources.html#timeouts) configuration options: + +- `create` - Default is 6 minutes. +- `update` - Default is 6 minutes. +- `delete` - Default is 6 minutes. + +## Import + + +ApiConfig can be imported using any of these accepted formats: + +``` +$ terraform import google_api_gateway_api_config.default projects/{{project}}/locations/global/apis/{{api}}/configs/{{name}} +$ terraform import google_api_gateway_api_config.default {{project}}/{{api}}/{{name}} +$ terraform import google_api_gateway_api_config.default {{api}}/{{name}} +``` + +## User Project Overrides + +This resource supports [User Project Overrides](https://www.terraform.io/docs/providers/google/guides/provider_reference.html#user_project_override). diff --git a/website/docs/r/api_gateway_api_config_iam.html.markdown b/website/docs/r/api_gateway_api_config_iam.html.markdown new file mode 100644 index 00000000000..c95ef5082bc --- /dev/null +++ b/website/docs/r/api_gateway_api_config_iam.html.markdown 
@@ -0,0 +1,147 @@ +--- +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in +# .github/CONTRIBUTING.md. +# +# ---------------------------------------------------------------------------- +subcategory: "API Gateway" +layout: "google" +page_title: "Google: google_api_gateway_api_config_iam" +sidebar_current: "docs-google-api-gateway-api-config-iam" +description: |- + Collection of resources to manage IAM policy for API Gateway ApiConfig +--- + +# IAM policy for API Gateway ApiConfig +Three different resources help you manage your IAM policy for API Gateway ApiConfig. Each of these resources serves a different use case: + +* `google_api_gateway_api_config_iam_policy`: Authoritative. Sets the IAM policy for the apiconfig and replaces any existing policy already attached. +* `google_api_gateway_api_config_iam_binding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the apiconfig are preserved. +* `google_api_gateway_api_config_iam_member`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the apiconfig are preserved. + +~> **Note:** `google_api_gateway_api_config_iam_policy` **cannot** be used in conjunction with `google_api_gateway_api_config_iam_binding` and `google_api_gateway_api_config_iam_member` or they will fight over what your policy should be. + +~> **Note:** `google_api_gateway_api_config_iam_binding` resources **can be** used in conjunction with `google_api_gateway_api_config_iam_member` resources **only if** they do not grant privilege to the same role. 
+ +~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider. +See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources. + + +## google\_api\_gateway\_api\_config\_iam\_policy + +```hcl +data "google_iam_policy" "admin" { + binding { + role = "roles/apigateway.viewer" + members = [ + "user:jane@example.com", + ] + } +} + +resource "google_api_gateway_api_config_iam_policy" "policy" { + api = google_api_gateway_api_config.api_cfg.api + api_config = google_api_gateway_api_config.api_cfg.api_config_id + policy_data = data.google_iam_policy.admin.policy_data +} +``` + +## google\_api\_gateway\_api\_config\_iam\_binding + +```hcl +resource "google_api_gateway_api_config_iam_binding" "binding" { + api = google_api_gateway_api_config.api_cfg.api + api_config = google_api_gateway_api_config.api_cfg.api_config_id + role = "roles/apigateway.viewer" + members = [ + "user:jane@example.com", + ] +} +``` + +## google\_api\_gateway\_api\_config\_iam\_member + +```hcl +resource "google_api_gateway_api_config_iam_member" "member" { + api = google_api_gateway_api_config.api_cfg.api + api_config = google_api_gateway_api_config.api_cfg.api_config_id + role = "roles/apigateway.viewer" + member = "user:jane@example.com" +} +``` + +## Argument Reference + +The following arguments are supported: + +* `api` - (Required) The API to attach the config to. + Used to find the parent resource to bind the IAM policy to + +* `project` - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + +* `member/members` - (Required) Identities that will be granted the privilege in `role`. 
+ Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + +* `role` - (Required) The role that should be applied. Only one + `google_api_gateway_api_config_iam_binding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + +* `policy_data` - (Required only by `google_api_gateway_api_config_iam_policy`) The policy data generated by + a `google_iam_policy` data source. + +## Attributes Reference + +In addition to the arguments listed above, the following computed attributes are +exported: + +* `etag` - (Computed) The etag of the IAM policy. + +## Import + +For all import syntaxes, the "resource in question" can take any of the following forms: + +* projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}} +* {{project}}/{{api}}/{{api_config}} +* {{api}}/{{api_config}} +* {{api_config}} + +Any variables not passed in the import command will be taken from the provider configuration. + +API Gateway apiconfig IAM resources can be imported using the resource identifiers, role, and member. 
+ +IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g. +``` +$ terraform import google_api_gateway_api_config_iam_member.editor "projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}} roles/apigateway.viewer user:jane@example.com" +``` + +IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g. +``` +$ terraform import google_api_gateway_api_config_iam_binding.editor "projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}} roles/apigateway.viewer" +``` + +IAM policy imports use the identifier of the resource in question, e.g. +``` +$ terraform import google_api_gateway_api_config_iam_policy.editor projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}} +``` + +-> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + +## User Project Overrides + +This resource supports [User Project Overrides](https://www.terraform.io/docs/providers/google/guides/provider_reference.html#user_project_override). diff --git a/website/docs/r/api_gateway_api_iam.html.markdown b/website/docs/r/api_gateway_api_iam.html.markdown new file mode 100644 index 00000000000..88d6d368df3 --- /dev/null +++ b/website/docs/r/api_gateway_api_iam.html.markdown 
@@ -0,0 +1,144 @@ +--- +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in +# .github/CONTRIBUTING.md. +# +# ---------------------------------------------------------------------------- +subcategory: "API Gateway" +layout: "google" +page_title: "Google: google_api_gateway_api_iam" +sidebar_current: "docs-google-api-gateway-api-iam" +description: |- + Collection of resources to manage IAM policy for API Gateway Api +--- + +# IAM policy for API Gateway Api +Three different resources help you manage your IAM policy for API Gateway Api. Each of these resources serves a different use case: + +* `google_api_gateway_api_iam_policy`: Authoritative. Sets the IAM policy for the api and replaces any existing policy already attached. +* `google_api_gateway_api_iam_binding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the api are preserved. +* `google_api_gateway_api_iam_member`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the api are preserved. + +~> **Note:** `google_api_gateway_api_iam_policy` **cannot** be used in conjunction with `google_api_gateway_api_iam_binding` and `google_api_gateway_api_iam_member` or they will fight over what your policy should be. + +~> **Note:** `google_api_gateway_api_iam_binding` resources **can be** used in conjunction with `google_api_gateway_api_iam_member` resources **only if** they do not grant privilege to the same role. + +~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider. 
+See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources. + + +## google\_api\_gateway\_api\_iam\_policy + +```hcl +data "google_iam_policy" "admin" { + binding { + role = "roles/apigateway.viewer" + members = [ + "user:jane@example.com", + ] + } +} + +resource "google_api_gateway_api_iam_policy" "policy" { + project = google_api_gateway_api.api.project + api = google_api_gateway_api.api.api_id + policy_data = data.google_iam_policy.admin.policy_data +} +``` + +## google\_api\_gateway\_api\_iam\_binding + +```hcl +resource "google_api_gateway_api_iam_binding" "binding" { + project = google_api_gateway_api.api.project + api = google_api_gateway_api.api.api_id + role = "roles/apigateway.viewer" + members = [ + "user:jane@example.com", + ] +} +``` + +## google\_api\_gateway\_api\_iam\_member + +```hcl +resource "google_api_gateway_api_iam_member" "member" { + project = google_api_gateway_api.api.project + api = google_api_gateway_api.api.api_id + role = "roles/apigateway.viewer" + member = "user:jane@example.com" +} +``` + +## Argument Reference + +The following arguments are supported: + + +* `project` - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + +* `member/members` - (Required) Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. 
For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + +* `role` - (Required) The role that should be applied. Only one + `google_api_gateway_api_iam_binding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + +* `policy_data` - (Required only by `google_api_gateway_api_iam_policy`) The policy data generated by + a `google_iam_policy` data source. + +## Attributes Reference + +In addition to the arguments listed above, the following computed attributes are +exported: + +* `etag` - (Computed) The etag of the IAM policy. + +## Import + +For all import syntaxes, the "resource in question" can take any of the following forms: + +* projects/{{project}}/locations/global/apis/{{name}} +* {{project}}/{{name}} +* {{name}} + +Any variables not passed in the import command will be taken from the provider configuration. + +API Gateway api IAM resources can be imported using the resource identifiers, role, and member. + +IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g. +``` +$ terraform import google_api_gateway_api_iam_member.editor "projects/{{project}}/locations/global/apis/{{api}} roles/apigateway.viewer user:jane@example.com" +``` + +IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g. 
+``` +$ terraform import google_api_gateway_api_iam_binding.editor "projects/{{project}}/locations/global/apis/{{api}} roles/apigateway.viewer" +``` + +IAM policy imports use the identifier of the resource in question, e.g. +``` +$ terraform import google_api_gateway_api_iam_policy.editor projects/{{project}}/locations/global/apis/{{api}} +``` + +-> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + +## User Project Overrides + +This resource supports [User Project Overrides](https://www.terraform.io/docs/providers/google/guides/provider_reference.html#user_project_override). diff --git a/website/docs/r/api_gateway_gateway.html.markdown b/website/docs/r/api_gateway_gateway.html.markdown new file mode 100644 index 00000000000..a4fad68d2db --- /dev/null +++ b/website/docs/r/api_gateway_gateway.html.markdown 
@@ -0,0 +1,177 @@ +--- +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in +# .github/CONTRIBUTING.md. +# +# ---------------------------------------------------------------------------- +subcategory: "API Gateway" +layout: "google" +page_title: "Google: google_api_gateway_gateway" +sidebar_current: "docs-google-api-gateway-gateway" +description: |- + A consumable API that can be used by multiple Gateways. +--- + +# google\_api\_gateway\_gateway + +A consumable API that can be used by multiple Gateways. + +~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider. +See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources. + +To get more information about Gateway, see: + +* [API documentation](https://cloud.google.com/api-gateway/docs/reference/rest/v1beta/projects.locations.apis) +* How-to Guides + * [Official Documentation](https://cloud.google.com/api-gateway/docs/quickstart) + +
+ + Open in Cloud Shell + +
+## Example Usage - Apigateway Gateway Basic + + +```hcl +resource "google_api_gateway_api" "api_gw" { + provider = google-beta + api_id = "api-gw" +} + +resource "google_api_gateway_api_config" "api_gw" { + provider = google-beta + api = google_api_gateway_api.api_gw.api_id + api_config_id = "api-gw" + + openapi_documents { + document { + path = "spec.yaml" + contents = filebase64("test-fixtures/apigateway/openapi.yaml") + } + } +} + +resource "google_api_gateway_gateway" "api_gw" { + provider = google-beta + api_config = google_api_gateway_api_config.api_gw.id + gateway_id = "api-gw" +} +``` +
+ + Open in Cloud Shell + +
+## Example Usage - Apigateway Gateway Full + + +```hcl +resource "google_api_gateway_api" "api_gw" { + provider = google-beta + api_id = "api-gw" +} + +resource "google_api_gateway_api_config" "api_gw" { + provider = google-beta + api = google_api_gateway_api.api_gw.api_id + api_config_id = "api-gw" + + openapi_documents { + document { + path = "spec.yaml" + contents = filebase64("test-fixtures/apigateway/openapi.yaml") + } + } +} + +resource "google_api_gateway_gateway" "api_gw" { + provider = google-beta + region = "us-central1" + api_config = google_api_gateway_api_config.api_gw.id + gateway_id = "api-gw" + display_name = "MM Dev API Gateway" + labels = { + environment = "dev" + } +} +``` + +## Argument Reference + +The following arguments are supported: + + +* `api_config` - + (Required) + Resource name of the API Config for this Gateway. Format: projects/{project}/locations/global/apis/{api}/configs/{apiConfig} + +* `gateway_id` - + (Required) + Identifier to assign to the Gateway. Must be unique within scope of the parent resource(project). + + +- - - + + +* `display_name` - + (Optional) + A user-visible name for the API. + +* `labels` - + (Optional) + Resource labels to represent user-provided metadata. + +* `region` - + (Optional) + The region of the gateway for the API. + +* `project` - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + + +## Attributes Reference + +In addition to the arguments listed above, the following computed attributes are exported: + +* `id` - an identifier for the resource with format `projects/{{project}}/locations/{{region}}/gateways/{{gateway_id}}` + +* `name` - + Resource name of the Gateway. Format: projects/{project}/locations/{region}/gateways/{gateway} + +* `default_hostname` - + The default API Gateway host name of the form {gatewayId}-{hash}.{region_code}.gateway.dev. 
+ + +## Timeouts + +This resource provides the following +[Timeouts](/docs/configuration/resources.html#timeouts) configuration options: + +- `create` - Default is 6 minutes. +- `update` - Default is 6 minutes. +- `delete` - Default is 6 minutes. + +## Import + + +Gateway can be imported using any of these accepted formats: + +``` +$ terraform import google_api_gateway_gateway.default projects/{{project}}/locations/{{region}}/gateways/{{name}} +$ terraform import google_api_gateway_gateway.default {{project}}/{{region}}/{{name}} +$ terraform import google_api_gateway_gateway.default {{region}}/{{name}} +$ terraform import google_api_gateway_gateway.default {{name}} +``` + +## User Project Overrides + +This resource supports [User Project Overrides](https://www.terraform.io/docs/providers/google/guides/provider_reference.html#user_project_override). diff --git a/website/docs/r/api_gateway_gateway_iam.html.markdown b/website/docs/r/api_gateway_gateway_iam.html.markdown new file mode 100644 index 00000000000..eab87230905 --- /dev/null +++ b/website/docs/r/api_gateway_gateway_iam.html.markdown 
@@ -0,0 +1,152 @@ +--- +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in +# .github/CONTRIBUTING.md. +# +# ---------------------------------------------------------------------------- +subcategory: "API Gateway" +layout: "google" +page_title: "Google: google_api_gateway_gateway_iam" +sidebar_current: "docs-google-api-gateway-gateway-iam" +description: |- + Collection of resources to manage IAM policy for API Gateway Gateway +--- + +# IAM policy for API Gateway Gateway +Three different resources help you manage your IAM policy for API Gateway Gateway. Each of these resources serves a different use case: + +* `google_api_gateway_gateway_iam_policy`: Authoritative. Sets the IAM policy for the gateway and replaces any existing policy already attached. +* `google_api_gateway_gateway_iam_binding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the gateway are preserved. +* `google_api_gateway_gateway_iam_member`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the gateway are preserved. + +~> **Note:** `google_api_gateway_gateway_iam_policy` **cannot** be used in conjunction with `google_api_gateway_gateway_iam_binding` and `google_api_gateway_gateway_iam_member` or they will fight over what your policy should be. + +~> **Note:** `google_api_gateway_gateway_iam_binding` resources **can be** used in conjunction with `google_api_gateway_gateway_iam_member` resources **only if** they do not grant privilege to the same role. 
+ +~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider. +See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources. + + +## google\_api\_gateway\_gateway\_iam\_policy + +```hcl +data "google_iam_policy" "admin" { + binding { + role = "roles/apigateway.viewer" + members = [ + "user:jane@example.com", + ] + } +} + +resource "google_api_gateway_gateway_iam_policy" "policy" { + project = google_api_gateway_gateway.api_gw.project + region = google_api_gateway_gateway.api_gw.region + gateway = google_api_gateway_gateway.api_gw.gateway_id + policy_data = data.google_iam_policy.admin.policy_data +} +``` + +## google\_api\_gateway\_gateway\_iam\_binding + +```hcl +resource "google_api_gateway_gateway_iam_binding" "binding" { + project = google_api_gateway_gateway.api_gw.project + region = google_api_gateway_gateway.api_gw.region + gateway = google_api_gateway_gateway.api_gw.gateway_id + role = "roles/apigateway.viewer" + members = [ + "user:jane@example.com", + ] +} +``` + +## google\_api\_gateway\_gateway\_iam\_member + +```hcl +resource "google_api_gateway_gateway_iam_member" "member" { + project = google_api_gateway_gateway.api_gw.project + region = google_api_gateway_gateway.api_gw.region + gateway = google_api_gateway_gateway.api_gw.gateway_id + role = "roles/apigateway.viewer" + member = "user:jane@example.com" +} +``` + +## Argument Reference + +The following arguments are supported: + +* `region` - (Optional) The region of the gateway for the API. + Used to find the parent resource to bind the IAM policy to. If not specified, + the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no + region is specified, it is taken from the provider configuration. + +* `project` - (Optional) The ID of the project in which the resource belongs. 
+ If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + +* `member/members` - (Required) Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + +* `role` - (Required) The role that should be applied. Only one + `google_api_gateway_gateway_iam_binding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + +* `policy_data` - (Required only by `google_api_gateway_gateway_iam_policy`) The policy data generated by + a `google_iam_policy` data source. + +## Attributes Reference + +In addition to the arguments listed above, the following computed attributes are +exported: + +* `etag` - (Computed) The etag of the IAM policy. 
+ +## Import + +For all import syntaxes, the "resource in question" can take any of the following forms: + +* projects/{{project}}/locations/{{region}}/gateways/{{name}} +* {{project}}/{{region}}/{{name}} +* {{region}}/{{name}} +* {{name}} + +Any variables not passed in the import command will be taken from the provider configuration. + +API Gateway gateway IAM resources can be imported using the resource identifiers, role, and member. + +IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g. +``` +$ terraform import google_api_gateway_gateway_iam_member.editor "projects/{{project}}/locations/{{region}}/gateways/{{gateway}} roles/apigateway.viewer user:jane@example.com" +``` + +IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g. +``` +$ terraform import google_api_gateway_gateway_iam_binding.editor "projects/{{project}}/locations/{{region}}/gateways/{{gateway}} roles/apigateway.viewer" +``` + +IAM policy imports use the identifier of the resource in question, e.g. +``` +$ terraform import google_api_gateway_gateway_iam_policy.editor projects/{{project}}/locations/{{region}}/gateways/{{gateway}} +``` + +-> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the + full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`. + +## User Project Overrides + +This resource supports [User Project Overrides](https://www.terraform.io/docs/providers/google/guides/provider_reference.html#user_project_override). diff --git a/website/google.erb b/website/google.erb index 6d1f33be7bb..b5f8794ab5e 100644 --- a/website/google.erb +++ b/website/google.erb @@ -43,6 +43,42 @@ +
  • + API Gateway + +
  • +
  • Access Approval